Názor k článku
Bezpečnostná chyba v PGPdisku a TrueCrypte od su - \mathfrak{M}ĦĒNJMARCHON - Proč hned do toho mícháte konspirační teorie? Aby...

Proč hned do toho mícháte konspirační teorie?

Aby bola sranda ;-)

PGP Virtual Disk can be mounted without the knowledge of the passphrase. If the volume is EMPTY this will work just just by changing some bytes inside the .pgd file. If the volume is NOT EMPTY, it can be mounted without the passphrase knowledge after patching the passphrase location BUT WHEN YOU CLICK THE DISK IT WILL SAY IT NEED TO BE FORMATTED. At this point you can delete users add users and re-encrypt the disk. We believe that extraction of any disk is possible if you spent some time in your debugger.

When the passphrase is changed PGP does not change the underlying key which will allow any user who had access to regain that access back.

Co utocnik moze: ak si user vytvori PGPdisk, jeho komp je kompromitovany a utocnik sa dozvie heslo, tak user moze heslo zmenit aj stokrat a nic mu to nepomoze, pretoze symetricky (?) kluc pouzity na zasifrovanie disku ostal rovnaky. Trebars user nevie, ze jeho komp bol kompromitovany (mozno nebol), ale ked si zmeni heslo, je to to takmer to iste ako keby si heslo nezmenil. Pri zmene hesla BY SA MAL zmenit aj sifrovaci kluc a cely disk BY MAL BYT nanovo zasifrovany novym klucom, odvodenym trebars via PBKDF2 z hesla. To znamena, ze klasicke doporucenie menit obcas hesla userovi v tomto pripade nepomoze.